At 02:27 PM 6/21/2005, Jeff White wrote:
>Is one's latest web server compiled with
>the Microsoft designed (for any OS)
>Safer CRT libraries?

There's nothing "Safe" about the standard C library or Microsoft's library, except how they are used. Most all necessary behaviors (buffer length args to avoid overruns, etc.) are now part of all modern C libraries, in POSIX-compliant flavors. Sadly, and par for the course, Microsoft is disinterested in any portability. Therefore relatively trivial conventions become convoluted as Microsoft pollutes the namespace with their own proprietary inventions.

In fact the HTTP project believes in certain typical C library behaviors as much safer than Microsoft's concept of "safety". For example, dereferencing a NULL pointer is something that can happen throughout the httpd server code. In every case, a non-NULL value is an unexpected fatal condition, and every platform will fault when that condition occurs.

Is it "better" than wordy error messages and clean failures? That's left as an exercise to the developer. But in this team's opinion, allowing the compiler and library to do exactly what they were designed to do, and break upon hitting these exceptions, ensures that no further processing occurs for broken code.

Since there is no error in processing this request, but it happens to be a logic error in SSL handshaking, I doubt either Fiddler or Ethereal will help any for the casual developer. Certainly the 'safe' libraries would do little to nothing.

Bill
